RK android14 第三方app获取su权限
需要修改的文件如下：
frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
kernel-6.1/security/commoncap.c
system/core/init/selinux.cpp
system/core/libcutils/fs_config.cpp
system/extras/su/su.cpp
device/rockchip/common/BoardConfig.mk
device/rockchip/common/sepolicy/vendor/untrusted_app.te
system/sepolicy/prebuilts/api/34.0/public/app.te
system/sepolicy/prebuilts/api/34.0/public/domain.te
system/sepolicy/public/app.te
system/sepolicy/public/domain.te
frameworks/base
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index 56066b2d813c..0c587a2c0580 100644
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -666,7 +666,7 @@ static void EnableKeepCapabilities(fail_fn_t fail_fn) {}static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
- for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
+ /* for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {if (errno == EINVAL) {ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
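Review bot: Commenting out the whole loop in `DropCapabilitiesBoundingSet` (opened here, closed by the `}*/` in the next hunk) leaves the function with an empty body, so every process that goes through this call keeps whatever capability bounding set zygote itself holds, not only the one app that is meant to reach su. Nothing in the new code limits the change to engineering builds or records why the drop was removed. I would keep the loop intact and skip it behind an explicit guard at the top of the function, for example `if (GetBoolProperty("ro.debuggable", false)) return;  // userdebug/eng only: su needs the bounding set`, assuming `GetBoolProperty` is already in scope in this file. Production images would then still drop the set, and the reason for the exception would be visible in the code instead of in a block comment around dead code.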
@@ -675,7 +675,7 @@ static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));}}
- }
+ }*/}static void SetInheritable(uint64_t inheritable, fail_fn_t fail_fn) {
kernel-6.1
diff --git a/security/commoncap.c b/security/commoncap.c
index bc751fa5adad..bad53a9b8ac0 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1243,11 +1243,11 @@ static int cap_prctl_drop(unsigned long cap){struct cred *new;- if (!ns_capable(current_user_ns(), CAP_SETPCAP))
+ /*if (!ns_capable(current_user_ns(), CAP_SETPCAP))return -EPERM;if (!cap_valid(cap))return -EINVAL;
-
+*/new = prepare_creds();